5 matches found
CVE-2026-39804
The vulnerability CVE-2026-39804 affects Bandit (Elixir) WebSocket permessage-deflate handling. The function Elixir.Bandit.WebSocket.PerMessageDeflate.inflate/2 calls :zlib.inflate/2 without an output size cap and materializes the full decompressed payload into a single binary, while max_frame_si...
Bandit 安全漏洞
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...
CVE-2026-2229
ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...
CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...